diff --git a/pkgs/applications/misc/makeself/default.nix b/pkgs/applications/misc/makeself/default.nix index 9ea5f18ee62..e433b83cdeb 100644 --- a/pkgs/applications/misc/makeself/default.nix +++ b/pkgs/applications/misc/makeself/default.nix @@ -1,23 +1,25 @@ -{ stdenv, fetchurl }: +{ stdenv, fetchgit }: stdenv.mkDerivation rec { - name = "makeself-2.1.5"; - src = fetchurl { - url = "http://megastep.org/makeself/makeself.run"; - sha256 = "0khs19xpid4ng0igrjyz3vsi6a5xyixrrrhgdxpdhd2wnf5nc9w2"; + name = "makeself-2.2.0"; + src = fetchgit { + url = "https://github.com/megastep/makeself.git"; + rev = "b836b9281ae99abe1865608b065551da56c80719"; + sha256 = "f7c97f0f8ad8128f2f1b54383319f2cc44cbb05b60ced222784debdf326f23ad"; }; - unpackPhase = "sh ${src}"; installPhase = '' - cd ${name} mkdir -p $out/{bin,share/{${name},man/man1}} - mv makeself.lsm README $out/share/${name} + mv makeself.lsm README.md $out/share/${name} mv makeself.sh $out/bin/makeself mv makeself.1 $out/share/man/man1/ mv makeself-header.sh $out/share/${name} sed -e 's|HEADER=`dirname $0`/makeself-header.sh|HEADER=`dirname $0`/../share/${name}/makeself-header.sh|' -i $out/bin/makeself ''; - meta = { + meta = with stdenv.lib; { homepage = http://megastep.org/makeself; description = "Utility to create self-extracting packages"; + license = licenses.gpl2; + maintainer = maintainers.wmertens; + platforms = platforms.all; }; } diff --git a/pkgs/desktops/gnome-2/desktop/vte/default.nix b/pkgs/desktops/gnome-2/desktop/vte/default.nix index aca30f87dfc..30c8bf07d41 100644 --- a/pkgs/desktops/gnome-2/desktop/vte/default.nix +++ b/pkgs/desktops/gnome-2/desktop/vte/default.nix @@ -11,11 +11,8 @@ stdenv.mkDerivation rec { patches = [ ./alt.patch - ( fetchurl { # CVE-2012-2738 - url = "http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/x11-libs/" - + "vte/files/vte-0.28.2-limit-arguments.patch?revision=1.1"; - sha256 = "1s8agx74wa7wlv9ybd5h3dp4hzf4ddg7piyan37g2ab3fnvg4jhn"; - } ) + # CVE-2012-2738 + ./vte-0.28.2-limit-arguments.patch ]; buildInputs = [ intltool pkgconfig glib gtk ncurses ] ++ diff --git a/pkgs/desktops/gnome-2/desktop/vte/vte-0.28.2-limit-arguments.patch b/pkgs/desktops/gnome-2/desktop/vte/vte-0.28.2-limit-arguments.patch new file mode 100644 index 00000000000..fd454079390 --- /dev/null +++ b/pkgs/desktops/gnome-2/desktop/vte/vte-0.28.2-limit-arguments.patch @@ -0,0 +1,40 @@ +From feeee4b5832b17641e505b7083e0d299fdae318e Mon Sep 17 00:00:00 2001 +From: Christian Persch +Date: Sat, 19 May 2012 17:36:09 +0000 +Subject: emulation: Limit integer arguments to 65535 + +To guard against malicious sequences containing excessively big numbers, +limit all parsed numbers to 16 bit range. Doing this here in the parsing +routine is a catch-all guard; this doesn't preclude enforcing +more stringent limits in the handlers themselves. + +https://bugzilla.gnome.org/show_bug.cgi?id=676090 +--- +diff --git a/src/table.c b/src/table.c +index 140e8c8..85cf631 100644 +--- a/src/table.c ++++ b/src/table.c +@@ -550,7 +550,7 @@ _vte_table_extract_numbers(GValueArray **array, + if (G_UNLIKELY (*array == NULL)) { + *array = g_value_array_new(1); + } +- g_value_set_long(&value, total); ++ g_value_set_long(&value, CLAMP (total, 0, G_MAXUSHORT)); + g_value_array_append(*array, &value); + } while (i++ < arginfo->length); + g_value_unset(&value); +diff --git a/src/vteseq.c b/src/vteseq.c +index 457c06a..46def5b 100644 +--- a/src/vteseq.c ++++ b/src/vteseq.c +@@ -557,7 +557,7 @@ vte_sequence_handler_multiple(VteTerminal *terminal, + GValueArray *params, + VteTerminalSequenceHandler handler) + { +- vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXLONG); ++ vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXUSHORT); + } + + static void +-- +cgit v0.9.0.2